I am trying to add a DS1618+ as a Member DC in an existing Windows domain. It does all its checks fine, then starts and gets to about .5% complete, hangs for a bit, then fails. Not much in the way of an error message, it just says to "Failed to join domain. Contact Synology Support".

I SSH'd into the box and went to /var/log and found this in the "synoscgi.log"

failed to exec '/var/packages/SMBService/target/usr/bin/samba-tool domain join mydomain.local DC --dns-backend BIND9_DLZ --username myusername --password <masked> -configfile /etc/samba/synoadserver.conf', ret 255

task (DomainSDCConnector) execution failed because failed to create domain

I then looked in /etc/samba for the "synoadserver.conf" file referenced in the failed command. It did not exist. So, I searched the file system, found one, copied that to /etc/samba, tried to become a member DC again, it failed again the same way. Oddly, the file I copied into /etc/samba disappeared which leads me to believe that the NAS is responsible for creating this file and dropping it in that folder.

I should point out that I have no issue with simply joining the NAS to the same domain, I am just unable to make it a member DC.

Any ideas? What should I look for in the log dump via Support Center/Support Services/Generate Logs ?? The system is air gapped and has no internet access which further complicates issues.

Thanks in advance for any help you can provide.

If memory serves me correct, windows server and synology nas cannot coexist as DC's. There is a lot of guides kicking atound on the 'other' synology forum and i know that one of them works as I setup a pair of DS1817+ in HA running a 30 user domain, which has been ticking along for just unsder 4 years with zero downtime. My employer bought a company in poland in 2017, which was joined to the former owners network in france and not only did i have to build the AD on synology from scratch, I couldn't put it into production until the other servers were removed from the local network. 99% sure it is one or the other.

Further to this, the Synology server can do evertything you would want from a windows server, just need to use non domain PC with RSAT installed (just has to be correct version to be compatible with ad server version)

Thanks for the help. I do have RSAT working as you state in another small domain, but in that domain, there is only Synology in the mix, no windows servers. The info I have been giving to Synology support seems to be way over their heads. So, I gathered the log files, unzipped the .DAT and dug into those files. In one of those log files there is this error: WERR_DS_INCOMPATIBLE_VERSION which would be right in line with what you are saying. You would think the first answer from Synology support would be "you cant become a member DC of a Windows domain". I will wait to see what they have to say, but for now, I will give up on this idea. Thanks again.

Finally, Synology support validated your answer. You can't mix Synology directory server with windows AD.

I'm glad you got your answer. I know synology AD can be a bit offputting / daunting but it does what it says on the tin. HA certainly has played it's role too - when it has had to work it has, with downtime of less than a minute every time.